
Example 46 with PreAuthenticatedAuthenticationToken

Use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project irida by phac-nml.

Class ProjectOwnerPermissionTest, method testRemoteProjectWrongAuth.

@Test
public void testRemoteProjectWrongAuth() {
    project.setRemoteStatus(new RemoteStatus("http://somewhere", null));
    Authentication authentication = new PreAuthenticatedAuthenticationToken(user, user.getSystemRole());
    boolean customPermissionAllowed = permission.customPermissionAllowed(authentication, project);
    assertFalse("user should not be able to read project", customPermissionAllowed);
}
Also used : Authentication(org.springframework.security.core.Authentication) PreAuthenticatedAuthenticationToken(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken) RemoteStatus(ca.corefacility.bioinformatics.irida.model.remote.RemoteStatus) Test(org.junit.Test)

Example 47 with PreAuthenticatedAuthenticationToken

Use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project irida by phac-nml.

Class ProjectOwnerPermissionTest, method testLocalProject.

@Test
public void testLocalProject() {
    Authentication authentication = new PreAuthenticatedAuthenticationToken(user, user.getSystemRole());
    boolean customPermissionAllowed = permission.customPermissionAllowed(authentication, project);
    verify(userRepository).loadUserByUsername(user.getUsername());
    assertTrue("user should be able to read project", customPermissionAllowed);
}
Also used : Authentication(org.springframework.security.core.Authentication) PreAuthenticatedAuthenticationToken(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken) Test(org.junit.Test)

Example 48 with PreAuthenticatedAuthenticationToken

Use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project irida by phac-nml.

Class ProjectOwnerPermissionTest, method testLocalProjectDenied.

@Test
public void testLocalProjectDenied() {
    User user2 = new User();
    user2.setUsername("bob");
    user2.setSystemRole(Role.ROLE_USER);
    when(userRepository.loadUserByUsername(user2.getUsername())).thenReturn(user2);
    Authentication authentication = new PreAuthenticatedAuthenticationToken(user2, user2.getSystemRole());
    boolean customPermissionAllowed = permission.customPermissionAllowed(authentication, project);
    verify(userRepository).loadUserByUsername(user2.getUsername());
    assertFalse("user should not be able to read project", customPermissionAllowed);
}
Also used : User(ca.corefacility.bioinformatics.irida.model.user.User) Authentication(org.springframework.security.core.Authentication) PreAuthenticatedAuthenticationToken(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken) Test(org.junit.Test)

Example 49 with PreAuthenticatedAuthenticationToken

Use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project irida by phac-nml.

Class RunAsUserAspect, method setSecurityContextFromAnalysisSubmission.

/**
 * Advice around a method annotated with {@link RunAsUser}. This method will
 * set the {@link User} specified in the {@link RunAsUser#value()} using
 * SpEL in the security context before the method is run, then reset the
 * original user after the method completes.
 *
 * @param jp
 *            {@link ProceedingJoinPoint} for the called method
 * @param userAnnotation
 *            {@link RunAsUser} annotation specifying the user
 * @return Return value of the method called
 * @throws Throwable
 *             if the method throws an exception
 */
@Around(value = "execution(* *(..)) && @annotation(userAnnotation)")
public Object setSecurityContextFromAnalysisSubmission(ProceedingJoinPoint jp, RunAsUser userAnnotation) throws Throwable {
    // Get the method arguments and apply them to an evaluation context
    MethodSignature signature = (MethodSignature) jp.getSignature();
    String[] parameterNames = signature.getParameterNames();
    Object[] args = jp.getArgs();
    StandardEvaluationContext evaluationContext = new StandardEvaluationContext();
    for (int i = 0; i < args.length; i++) {
        String name = parameterNames[i];
        Object val = args[i];
        evaluationContext.setVariable(name, val);
    }
    // get the expression from the annotation and apply it to the evaluation
    // context
    String expression = userAnnotation.value();
    ExpressionParser parser = new SpelExpressionParser();
    Expression parseExpression = parser.parseExpression(expression);
    Object expressionValue = parseExpression.getValue(evaluationContext);
    if (!(expressionValue instanceof User)) {
        throw new IllegalArgumentException("RunAsUser value must refer to a User");
    }
    User submitter = (User) expressionValue;
    // get the original security context
    logger.trace("Updating user authentication");
    SecurityContext originalConext = SecurityContextHolder.getContext();
    logger.trace("Original user: " + originalConext.getAuthentication().getName());
    logger.trace("Setting user " + submitter.getUsername());
    Object returnValue = null;
    try {
        // set the new user authentication
        PreAuthenticatedAuthenticationToken submitterAuthenticationToken = new PreAuthenticatedAuthenticationToken(submitter, null, Lists.newArrayList(submitter.getSystemRole()));
        SecurityContext newContext = SecurityContextHolder.createEmptyContext();
        newContext.setAuthentication(submitterAuthenticationToken);
        SecurityContextHolder.setContext(newContext);
        // run the method
        returnValue = jp.proceed();
    } finally {
        // return the old authentication
        logger.trace("Resetting authentication to " + originalConext.getAuthentication().getName());
        SecurityContextHolder.setContext(originalConext);
    }
    return returnValue;
}
Also used : StandardEvaluationContext(org.springframework.expression.spel.support.StandardEvaluationContext) User(ca.corefacility.bioinformatics.irida.model.user.User) MethodSignature(org.aspectj.lang.reflect.MethodSignature) PreAuthenticatedAuthenticationToken(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken) ProceedingJoinPoint(org.aspectj.lang.ProceedingJoinPoint) SpelExpressionParser(org.springframework.expression.spel.standard.SpelExpressionParser) Expression(org.springframework.expression.Expression) SecurityContext(org.springframework.security.core.context.SecurityContext) ExpressionParser(org.springframework.expression.ExpressionParser) Around(org.aspectj.lang.annotation.Around)

Example 50 with PreAuthenticatedAuthenticationToken

Use of org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken in project syndesis by syndesisio.

Class UserHandlerTest, method successfulWhoAmI.

@Test
public void successfulWhoAmI() {
    openShiftServer.expect().get().withPath("/oapi/v1/users/~").andReturn(200, new UserBuilder().withFullName("Test User").withNewMetadata().withName("testuser").and().build()).once();
    SecurityContextHolder.getContext().setAuthentication(new PreAuthenticatedAuthenticationToken("testuser", "doesn'tmatter"));
    UserHandler userHandler = new UserHandler(null, new OpenShiftServiceImpl(openShiftServer.getOpenshiftClient(), null));
    User user = userHandler.whoAmI();
    Assertions.assertThat(user).isNotNull();
    Assertions.assertThat(user.getUsername()).isEqualTo("testuser");
    Assertions.assertThat(user.getFullName()).isNotEmpty().hasValue("Test User");
}
Also used : User(io.syndesis.common.model.user.User) PreAuthenticatedAuthenticationToken(org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken) OpenShiftServiceImpl(io.syndesis.server.openshift.OpenShiftServiceImpl) UserBuilder(io.fabric8.openshift.api.model.UserBuilder) Test(org.junit.Test)
